[19132] in Kerberos
Re: key salting and kerberos v5
daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Apr 28 01:48:38 2003
To: Sam Hartman <hartmans@mit.edu>
From: Tom Yu <tlyu@MIT.EDU>
Date: Mon, 28 Apr 2003 01:47:54 -0400
In-Reply-To: <tslk7dfjy24.fsf@konishi-polis.mit.edu> (Sam Hartman's message
of "Sun, 27 Apr 2003 19:54:59 -0400")
Message-ID: <ldvk7df6ulx.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
cc: Calimer0 <cryos98@yahoo.com>
Errors-To: kerberos-bounces@mit.edu
>>>>> "Sam" == Sam Hartman <hartmans@MIT.EDU> writes:
Sam> It is. Kadmin should really say default salt not no salt. That's
Sam> what it actually means.
Sam> It says no salt because there is no salt tuple associated with the key
Sam> entry. When no such tuple exists, then the default salt is used.
Further confusing matters, the MIT KDC doesn't distinguish between a
key having the default salt and a key having no associated password
(e.g. a service principal's random key). In the latter case, "no
salt" actually makes some amount of sense, though it's more accurately
"no user-typable password". For both cases, though, the KDC stores no
salt data in the record for the key in question.
---Tom
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
